• It is their choice ultimately, but to paraphrase a comment you have made in the past, characterizing xp_cmdshell as "safe as a SELECT statement" is just plain inaccurate. In the spirit of full disclosure, and especially on a public forum, I'll call out the problems with xp_cmdshell every single time and steer people towards more secure, more extensible and more auditable solutions. The fact is that a system with xp_cmdshell disabled has fewer security exposures, has fewer vulnerabilities and is more auditable than a system where it is enabled. I feel like it is irresponsible to portray xp_cmdshell in any other way. To push the idea that, as long as only a few people are in the sysadmin Role and there is no Proxy set up, your instance is secure and auditable is simply not true, speaking of lulling people into a false sense of security.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato